orzeszkowa, posted 11 July 2017

Hello, I have a problem. For some time now Google Chrome has been making a fool of me. It changed my default search engine to piesearch, so I ran scans with various antivirus programs and removed all the errors, but that did nothing. I got annoyed and uninstalled Chrome, but it is still there in the "Yeshat" folder. I looked online to see what that is, and they say it is a virus. I am attaching the FRST files. Please help, because this has become unbearable.

Addition_10-07-2017 17.39.43.txt
FRST_10-07-2017 17.39.43.txt
Shortcut_10-07-2017 17.39.43.txt

//Correcting the thread title to comply with the forum rules //Youki
Twój_Anioł_Stróż, comment, 11 July 2017

1) Try to uninstall these programs:

DAEMON Tools Toolbar (HKLM\..\DAEMON Tools Toolbar) (Version: 1.1.2.0185 - DT Soft Ltd) <==== UWAGA
Search App by Ask (HKLM\...\{56444A2D-5350-006A-76A7-A758B70C2300}) (Version: 12.35.0.2449 - APN, LLC) <==== UWAGA
WinSnare (HKLM\...\{10CB3D4C-21FB-43AA-B191-AF187522EEE8}) (Version: 4.4.0 - WinSnare) <==== UWAGA
WinZip (HKLM\...\WinZip) (Version: 2.2.98 - Winzipper Pvt Ltd.) <==== UWAGA
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

2) You have had some of these infections for a year and a half already! Run FRST. On the keyboard, press CTRL+Y together. Notepad will open; paste the following into it:
On the keyboard, press CTRL+S together. In FRST click Fix (NAPRAW).

3) Use AdwCleaner: first click SCAN (SKANUJ), and only after the scan has finished and the CLEANING (USUŃ) button becomes active, click it. Show the report from it, "C".

4) Make new FRST logs. Before scanning, tick: Additional.txt, Shortcut.txt
orzeszkowa (author), comment, 11 July 2017

Unless I am mistaken, this is probably the report you meant.

AdwCleaner[C0].txt

I am also adding this file, which appeared after the fix in FRST finished.

Fixlog_12-07-2017 00.55.59.txt
Twój_Anioł_Stróż, comment, 12 July 2017

This recommendation of mine has not been carried out yet:

Quote: 4) Make new FRST logs. Before scanning, tick: Additional.txt, Shortcut.txt
orzeszkowa (author), comment, 12 July 2017

Addition_12-07-2017 03.29.58.txt
FRST_12-07-2017 03.29.58.txt
Shortcut_12-07-2017 03.29.58.txt
Twój_Anioł_Stróż, comment, 12 July 2017

Run FRST. On the keyboard, press CTRL+Y together. Notepad will open; paste the following into it:
On the keyboard, press CTRL+S together. In FRST click Fix (NAPRAW).

Make new FRST logs, this time without Shortcut.
orzeszkowa (author), comment, 12 July 2017

Addition_12-07-2017 05.09.34.txt
Fixlog_12-07-2017 05.04.00.txt
FRST_12-07-2017 05.09.34.txt
Twój_Anioł_Stróż, comment, 12 July 2017

1) Run FRST. On the keyboard, press CTRL+Y together. Notepad will open; paste the following into it:

2017-07-12 05:03 - 2017-07-12 05:03 - 34791424 ____H (CODuits) C:\Users\KLAUDIA\uwhdt.exe
2017-07-12 05:03 - 2017-07-12 05:03 - 00139264 ____H C:\Users\KLAUDIA\fhsoe.exe
2017-07-12 05:02 - 2017-07-12 05:02 - 48406528 ____H (CODuits) C:\Users\KLAUDIA\gitpf.exe
2017-07-12 05:02 - 2017-07-12 05:02 - 43761664 ____N (CODuits) C:\Users\KLAUDIA\oqbxn.exe
EmptyTemp:

On the keyboard, press CTRL+S together. In FRST click Fix (NAPRAW).

2) Make a new FRST log, without Addition and without Shortcut.

3) Tell me, how do you rate the situation after these removals?
orzeszkowa (author), comment, 12 July 2017

The ads that used to appear while browsing have disappeared, Chrome runs more smoothly, and the default search engine has switched to Google as it should be; everything is fine. Thank you for the help!

FRST_12-07-2017 13.29.18.txt
Twój_Anioł_Stróż, comment, 13 July 2017 (edited)

Quote:
HKU\S-1-5-21-4189835581-805814904-2857990135-1003\...\Run: [MSConfig] => C:\Users\KLAUDIA\uwhdt.exe [34791424 2017-07-12] (CODuits)

But this is still there! Run FRST. On the keyboard, press CTRL+Y together. Notepad will open; paste the following into it:

HKU\S-1-5-21-4189835581-805814904-2857990135-1003\...\Run: [MSConfig] => C:\Users\KLAUDIA\uwhdt.exe [34791424 2017-07-12] (CODuits)
C:\Users\KLAUDIA\*.exe
EmptyTemp:

On the keyboard, press CTRL+S together. In FRST click Fix (NAPRAW). Use MBAM once more.

There should be no *.exe files in the folder C:\Users\KLAUDIA, so if you notice any *.exe file there in the future, use the above "fixlist" again. Or write on the forum and provide an FRST log (because the files may be hidden from you!).

Edited 13 July 2017 by Twój_Anioł_Stróż
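The rule stated in the last post (no *.exe files belong directly in a user profile folder, and such files may be hidden) can be checked against saved FRST log lines. The following is an added example, not part of the original thread and not part of FRST; the sample lines, the user name EXAMPLE and the file names are constructed, and the two line layouts are assumed from the entries quoted in the posts above.

```python
import re

# Layouts assumed from the FRST entries quoted in the thread:
#   HIVE\...\Run: [ValueName] => C:\path\file.exe [size date] (company)
#   created - modified - size ATTRS (company) C:\path\file.exe
RUN_RE = re.compile(
    r'^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<value>[^\]]*)\] => '
    r'(?P<path>[A-Za-z]:\\.+?\.exe)(?=\s|$)', re.IGNORECASE)
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?'
    r'(?P<path>[A-Za-z]:\\.+)$')
# An executable sitting directly in C:\Users\<name>\, not in a subfolder.
PROFILE_ROOT_EXE = re.compile(
    r'^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+\.exe$', re.IGNORECASE)

# Constructed sample lines (not taken from any real log).
SAMPLE_LOG = r"""
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [MSConfig] => C:\Users\EXAMPLE\abcde.exe [34791424 2017-07-12] (ExampleCo)
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [118048 2016-05-23] (Example Ltd)
2017-07-12 05:03 - 2017-07-12 05:03 - 34791424 ____H (ExampleCo) C:\Users\EXAMPLE\abcde.exe
2017-07-12 05:03 - 2017-07-12 05:03 - 00139264 ____H C:\Users\EXAMPLE\fghij.exe
2017-07-12 05:02 - 2017-07-12 05:02 - 43761664 ____N (ExampleCo) C:\Users\EXAMPLE\klmno.exe
2017-07-10 10:00 - 2017-07-10 10:00 - 00955392 _____ () C:\Users\EXAMPLE\AppData\Roaming\tool.exe
""".strip().splitlines()


def triage(lines):
    """Return one record per .exe found directly in a user profile folder.

    Run-key lines and file-listing lines that name the same path are merged,
    so a hidden file that is also started at logon shows up as one finding.
    """
    found = {}
    for raw in lines:
        line = raw.strip()
        run = RUN_RE.match(line)
        entry = FILE_RE.match(line) if run is None else None
        m = run or entry
        if m is None or not PROFILE_ROOT_EXE.match(m.group('path')):
            continue
        path = m.group('path')
        rec = found.setdefault(path.lower(), {
            'path': path, 'autostart': None, 'hidden': False, 'company': None})
        if run:
            rec['autostart'] = run.group('value')   # Run value name, e.g. MSConfig
        else:
            rec['hidden'] = 'H' in entry.group('attrs')
            rec['company'] = entry.group('company') or None
    # Autostarted files first, then hidden ones, then the rest.
    return sorted(found.values(), key=lambda r: (
        r['autostart'] is None, not r['hidden'], r['path'].lower()))


def format_findings(findings):
    """Render findings as one text line each for a ticket or report."""
    out = []
    for r in findings:
        tags = []
        if r['autostart'] is not None:
            tags.append('Run value [%s]' % r['autostart'])
        if r['hidden']:
            tags.append('hidden attribute set')
        out.append('%s (%s)' % (r['path'], ', '.join(tags) or 'visible, no Run entry'))
    return out


if __name__ == '__main__':
    for text in format_findings(triage(SAMPLE_LOG)):
        print(text)
```

Because the check reads the log rather than the folder view, it also reports files carrying the hidden attribute.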